Baseline Magazine - July/August 2010

WARNING: WE ARE
UNDER ATTACK
CYBER-CRIMINALS ARE ATTEMPTING TO STEAL OUR
IDENTITIES, MONEY, BUSINESS INNOVATIONS AND
EVEN OUR NATIONAL SECURITY SECRETS.

BY TOM SILVER

BASELINE JULY/AUGUST 2010

10

MAKE NO MISTAKE ABOUT IT: WE ARE under attack—you, me, Google and scores of other companies, and even the U.S. government. Cyber-criminals are attempting to steal our identities, money, business innovations and national security secrets. And their attacks are growing more sophisticated and pernicious every day.

As individuals, businesses and governments, we are ill-prepared to fight cyber-attacks on any front. For example, a recently completed four-year review of Defense Department strategies found that large-scale cyber-attacks could massively disable or damage the international financial, commercial and physical infrastructure.

Cyber-threats are increasingly complex, and keeping up with the enemy’s arsenal of weapons is not easy. New threats have emerged, including the more recent ransom and social networking attacks. Cyber-attacks have outstripped most companies’ abilities’ to respond effectively, according to Deloitte’s 2010 CyberSecurity Watch Survey. Nearly half the respondents to that survey said they lack a plan for reporting and responding to a cyber-crime.

That’s the impetus behind a new cyber-security act, which recently passed the House by an overwhelming majority, with similar bills under consideration in the Senate. The Cybersecurity Enhancement Act of 2010 calls for an extensive public and private collaboration (an estimated 85 percent of critical IT networks are privately controlled) on preparedness and restoration, the promotion of cyber-security public awareness, education and R&D. This includes funding scholarships for undergraduates who want to be the next generation of government cyber-warriors, as well as a major government hiring program.

Although the act is not yet law, the stage is set for sizable growth in resources and investments. Technology executives should begin recruiting individuals trained in cyber-security, investing in cyber-security education, examining their infrastructure, and preparing resources to work with the government.

Many technology executives have been investing in cyber-security for years, and have put resources into hiring, training and educating senior management on the key issues. Walgreens is one of many companies with a cyber swat team, and the government spent $6 billion on cyber-security and $356 million on research in 2009, according to the Office of Management and Budget. But those private and public investments have not resulted in adequate defenses.

The proposed legislation, however, entails a quantum leap in rigor, discipline and investment. For example, under the new bill, if your company is deemed the owner of a critical system, you’ll have to develop and rehearse detailed cyber-security emergency response plans.

The purpose is to clarify roles and responsibilities and to divide authority between the government and private sector in case of a cyber-security emergency. Also, you’ll have to use government-approved accreditation, training and certification programs for your staff, and your company would be subject to twice-yearly audits, under the bill’s current language.

With this new level of collaboration and new standards for security, technology executives must start preparing and investing. Additional, ongoing resources will probably be needed to manage the relationship with the government, make new hires, underwrite training programs, and create new systems for enhanced detection, defense, reporting and restoring operations.

If you’re a technology leader at a less-critical company, your government involvement won’t be as great, but you will likely have to improve your security to reach new, far-tougher standards. You may need to augment your staff with experts in network security, data security, security architecture, Internet security or other positions. And you’ll need to train staff on the ongoing intricacies of cyber-crime and cyber-terrorism—and keep training them.

As you might expect, it’s not going to be easy or cheap to dramatically improve cyber-defenses. CIOs are already complaining that anyone with the word “cyber” on his or her resume commands a 20 percent higher salary.

The scramble for talent is under way. The U.S. Department of Homeland Security has an aggressive program to hire 1,000 security experts. On Clearancejobs.com, a site for professionals with active federal security clearance, 5 percent of the jobs posted are related to cyber-security. On Dice.com, a career site for technology workers, knowledge of security is a minimum requirement in nearly 20 percent of the jobs posted.

If we need a catch-phrase to sum up what’s coming, we could dub the next 10 years the “cyber-warrior decade.” 3

Technology executives should begin recruiting individuals trained in cyber-security.

Tom Silver is senior vice president, North America, of Dice Holdings Inc., a provider of career Websites. He has more than 20 years of marketing and management experience.